Lecture note for Chiang Mai University (Thailand) Student by Click Connect Team about how to compile AOSP and create custom ROM for Android devices.

1. Hacking Android OS
http://gplus.to/JimmyLIVE
August 13, 2011
Room TTN1, ITSC-CMU

2. Topics (1)
Why Android?
Introduction to AOSP
(Android Open-Source Project)
Compiling AOSP and Creating ROM
Architecture of Android OS
Android SDK, NDK, ADK
Introduction to CyanogenMod
Input Method Customization
Creating your own Launcher
Theme and Live Wall Paper

3. Topics (2)
Rooting Android Devices
HBoot, FastBoot, Recovery, S-OFF, Unlock
Bootloader
How to cook the Android ROM
Super User, ODEX, Deodex, Zip-align, Signing
How to trap SMS
Sensors in Android Phone
Introduction to Arduino and Android ADK
(Android Accessory Developer Kit)

4. Why Hacking?

5. Why Hacking?
To know how it works
To customize it
To make it better
To enhance it
To have some FUN!
Not to do something illegal.
Not to do piracy.

6. The first step to
Thai Android OS

7. What will you get from this class?
You will get NOTHING from this class but many
links to where to read more
You will break your phone’s warrantee
You may BRICK your phone
You may create the best phone on earth from the
bad SH*T phone in your hands
You may go to jail...

8. In case of Emergency

9. Why Android?

10. Android
Android is an open-source software stack
(OS, Middle ware, Applications) created for
mobile phones and other devices. The Android
Open Source Project (AOSP), led by Google,
is tasked with the maintenance and further
development of Android.

11. Why Android?
“We created Android in response to our own
experiences launching mobile apps. We wanted
to make sure that there was no central point
of failure, so that no industry player can
restrict or control the innovations of any
other. That's why we created Android, and
made its source code open.”
- Google -

12. Why I love Android?
I hate Dumbo!

13. Safe and Fun (for Kids)
Fully automatic turning left (with up & down)
Need to queue and pay
Have to be a “Good Boy” to get riding...

14. http://www.youtube.com/watch?v=15bQjiwzgUA
Un-safe but more Fun (not for Kids)
Turn left by yourself
Need brave heart
Have to be a “Good Boy” to buy BMW 1M

15. AOSP
(Android Open Source Project)

16. AOSP
The goal of the Android Open Source Project
is to create a successful real-world product
that improves the mobile experience for end
users.
To get and compile Android source code:
http:/ /source.android.com/source/
initializing.html

17. Android Release History
1.0 (branch name unknown, backnaming it Apple Pie)
1.1 (branch name unknown, backnaming Banana bread)
1.5 (Cupcake branch)
1.6 (Donut branch)
2.0 (Eclair branch)
2.1 (Eclair branch)
2.2 (Froyo branch)
2.3 (Gingerbread branch)
3.0 (Honeycomb branch)
3.1 (Honeycomb branch)
3.2 (Honeycomb branch)
(Ice Cream Sandwich)

18. To start
Get Android Source
Compile it
Unlock your phone
(lost your phone’s warantee)
Install the result ROM to your phone
(lost all of Google and Bundled apps)

19. Compile AOSP
$ . build/envsetup.sh
$ lunch
(Select target device)
$ make -j4

20. What is Crespo?
Developer Devices
Dream (HTC G1)
Sapphire
Passion (Google Nexus One)
Crespo (Google Nexus S)
Crespo4G (Google Nexus S 4G)

21. Reboot to Bootloader
$ adb reboot bootloader
Use hardware button

22. Unlock Bootloader
$ fastboot oem unlock
On Nexus One, the operation voids the warranty and
is irreversible.
On Nexus S and Nexus S 4G, the bootloader can be
locked back with
$ fastboot oem lock

23. Flash your built ROM
$ fastboot flashall -w
Congratulations!
You lost all Google and bundled apps!

24. Goo-inside.me
Google’s stuff and more...

25. Recovery
Rom Manager
ClockWorkMod Recovery

26. Try Flash
Google Apps
Restore your phone by flash OTA ROM
How to solve problem when you BRICK your
phone

27. HBoot, FastBoot, SPL
Hboot is the init script of the device. In others words, it
makes possible to the device power on and load all the
"programs"
Fastboot is protocol used to update the flash file system in
Android devices from a host over USB
The SPL, or Second Program Loader, in conjunction with the
IPL comprise a device's bootloader. Aside from bootstrapping
Android, the bootloader also fulfills various diagnostic
functions. One of these functions is the manipulation of data
in the device's internal flash ram. Depending on the SPL
installed, the user can apply a signed NBH file, flash nand
images, and more. Note that the SPL is installed and operates
independently of the Android build that runs atop it.

28. FastBoot
Fastboot Cheat Sheet
http://andblogs.net/fastboot/

29. Radio, SPL, Recovery
http://goondroid.com/root
Radio
SPL
System, Cache, Data
Recovery
ROM

30. Android Boot Process
http://www.androidenea.com/2009/06/android-boot-process-from-power-on.html
Boot ROM - load first stage bootloader into
system RAM
Bootloader
First stage bootloader - init memory
Second stage bootloader - load kernel to
RAM
Linux Kernel
The Init process
Zygote and Dalvik VM
The System Server
Boot completed

31. Android Architecture

32. Create your own Android
BeagleBoard
http://beagleboard.org/
Panda Board
http://www.pandaboard.org/
http://www.digikey.com/us/en/ph/texas-
instruments/pandaboard.html

33. CyanogenMod
CyanogenMod is an aftermarket
firmware for a number of cell
phones based on the open-source
Android operating system. It
offers features not found in the
official Android based firmwares
of vendors of these cell phones.
http://www.cyanogenmod.com/

34. MIUI
MIUI, Redefining Android.
MIUI is one of the most popular Android ROMs in
the world.
It is based on Android 2.3 and has a unique UI
that looks and feels great to use. MIUI is
updated every Friday based on the feedback from
its users, it is then translated to English by our
translation team for you all to use and love. So
what are you waiting for, head over to the ROMS
section and download MIUI for your phone.
http://miuiandroid.com/

35. AOSP
Workflow
http://www.androidenea.com/2010/05/
android-open-source-project-workflow.html

36. Fixing Issue

37. Fixing Issue

38. Google TV & Android
The software that Google TV runs is a
version of Android that has been enhanced
to support video search, HDTV signaling, and
a full Google Chrome browser. It current'y
doesn't support certain Android features like
installing third party apps.

39. Writing Android Apps
Android Developer site
http://developer.android.com/index.html
Android SDK
http://developer.android.com/sdk/index.html
ADT plugin for Eclipse
http://developer.android.com/sdk/eclipse-adt.html
Android NDK
http://developer.android.com/sdk/eclipse-adt.html
Android Open Accesory Development Kit (ADK)
http://developer.android.com/guide/topics/usb/adk.html

40. Android App Building Box

41. Replace & Reuse
Components

42. Customize AOSP
Our Goal: Thai Android OS
Thai IME
Thai Launcher
Thai Theme & Live Wallpaper
Thai Web Browser
Thai Date & Time
Thai Character Display
Thai Sorting
Thai Essential Apps

43. Customize IME
(Brief Examples)
packages/inputmethods/LatinIME
Add xml-th
Customize Keyboard layout for THAI
(and many detail to fix and add such as word
suggestion vocabulary and behavior)

44. Launcher Customization
ADW Launcher is a good place to start
http://forum.xda-developers.com/
showthread.php?t=645550
http://code.google.com/p/adw-launcher-
android/
Source code:
https://github.com/AnderWeb/
android_packages_apps_Launcher

45. ADW.Launcher

46. ADW Theme
ADW Theme Guide
http://code.google.com/p/adw-launcher-
android/wiki/ADWThemeGuide
Theme Template
https://github.com/AnderWeb/ADW.Theme-
Template

47. LIVE Wallpaper
Start at “Cube LIVE Wallpaper” sample code
from Android SDK
Tutorial
http://blog.androgames.net/58/android-live-
wallpaper-tutorial/

48. How to Root
Revolutionary
http://forum.xda-developers.com/
showthread.php?t=1191732
SuperBoot
http://android-dls.com/wiki/index.php?
title=Use_Superboot_to_get_root
Galaxy S II
http://forum.xda-developers.com/
showthread.php?t=1103399

49. HTC Bootloader Unlock
(Coming soon)
http://htcdev.com/
While waiting, use Revolutionary :P
http://www.momobiles.com/s-off-htc-flyer-
with-revolutionary-tool/

50. Cooking Android
Unlock Bootloader (S-OFF)
Flash Custom Recovery
Cook a rooted ROM
Flash ROM
Have Fun!

51. dsixda’s Kitchen
A good start for Android ROM Cooker
“This is NOT a tool to automatically turn you into a full-
fledged ROM developer. ROM development normally involves
work from the ground up and involves time, research and
patience. I am just giving the tools to help the average
person get things done quickly from an existing base.”
dsixda

52. Reading about Cooking
How to cook ROM (Hero)
http://forum.xda-developers.com/
showthread.php?t=551711
How to cook ROM (Magic)
http://forum.xda-developers.com/
showthread.php?t=566235
Extract ROM file from HTC’s RUU
http://lukasz.szmit.eu/2010/04/extracting-
rom-files-from-htc-android.html

53. Signed Update.zip
The "signed update" type ROM image always contains the
following components:
boot.img - This file is a binary representation of the root file
system of the device. It contains the system kernel and all
files required to start the core part of Android
system - This is a directory containing all files found
under /system on a running Android device. It has exactly
the same layout.
META-INF - This is directory containing the update manifest
and script. The manifest is a file which lists all file included
in the update, with their SHA1 checksums. The update script
is used to apply the update on a device

54. ODEX File
"Normal" apps have an APK with a manifest, resources, and a
"classes.dex" inside. The classes.dex is optimized by the package
manager on first use, and ends up in /data/dalvik-cache/.
"System" apps have the DEX optimization performed ahead of time. The
resulting ".odex" file is stored next to the APK, the classes.dex is
removed from the APK, and the whole thing works without having to put
more stuff in your /data partition.
The optimized DEX files cannot easily be converted back to unoptimized
DEX, and I'm not sure there's any benefit in doing so. Both kinds of
DEX files can be examined with "dexdump".
More detail can be found in dalvik/docs/dexopt.html in the source
tree, or on the web at:
http://android.git.kernel.org/?p=platform/dalvik.git;a=blob_plain;f=docs/
dexopt.html;hb=HEAD

55. De-odex
Deodex Instruction
http://code.google.com/p/smali/wiki/
DeodexInstructions

56. Boot Logo & Animation
How to create
http://forum.samdroid.net/f55/tutorial-how-
create-custom-bootlogo-bootanimation-863/

57. Trapping SMS
Broadcast Receiver
SMS Received --> Your app --> FUN!

58. ADK & Arduino
Arduino Mega ADK
http://labs.arduino.cc/ADK/Index
Processing for Android
http://wiki.processing.org/w/Android

59. What’s next?
All source code available at
http://clicknect.com
Next Training
Image Processing using OpenCV
Introduction to OpenGL ES
Introduction to WebGL
Introduction to HTML5 Canvas
(You can suggest topics)

60. Thank you
Enjoy your hacking!